[krbdev.mit.edu #8015] git commit

Greg Hudson via RT rt-comment at krbdev.mit.edu
Thu Sep 18 15:38:47 EDT 2014


Fix ksu crash in cases where it obtains the TGT

In order to allow ksu to use any locally-present service key for
verifying creds, the previous change to ksu switched from using a
retrieved or obtained TGT to fetch creds for the local "host" service,
and then passing those creds to krb5_verify_init_creds(), to passing the
retrieved TGT directly to krb5_verify_init_creds().

It did not take care to retrieve the TGT from the temporary ccache if it
had obtained them, and in those cases it would attempt to verify NULL
creds.

Modify the krb5_get_tkt_via_passwd() function to call
krb5_get_init_creds_password(), to pass back the freshly-obtained creds,
to take a "krb5_get_init_creds_opt" pointer instead of a locally-defined
options structure, and rename it to ksu_get_tgt_via_passwd().

https://github.com/krb5/krb5/commit/5fd5a67c5a93514e7d0a64425baa007ad91f57de
Author: Nalin Dahyabhai <nalin at redhat.com>
Committer: Greg Hudson <ghudson at mit.edu>
Commit: 5fd5a67c5a93514e7d0a64425baa007ad91f57de
Branch: master
 src/clients/ksu/heuristic.c   |    4 +-
 src/clients/ksu/krb_auth_su.c |   58 ++++++++++++----------------------------
 src/clients/ksu/ksu.h         |   17 +++--------
 src/clients/ksu/main.c        |   56 ++++++++++++++++-----------------------
 4 files changed, 48 insertions(+), 87 deletions(-)


